IETF Logo Mail Archive

[Ntp] Antwort: Antw: [EXT] Re: NTPv5 draft

kristof.teichel@ptb.de Thu, 10 December 2020 10:38 UTC

Return-Path: <kristof.teichel@ptb.de>
X-Original-To: ntp@ietfa.amsl.com
Delivered-To: ntp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 762593A0C55 for <ntp@ietfa.amsl.com>; Thu, 10 Dec 2020 02:38:52 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.42
X-Spam-Level:
X-Spam-Status: No, score=-1.42 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, HTML_MIME_NO_HTML_TAG=0.377, HTML_NONELEMENT_30_40=0.001, MIME_HTML_ONLY=0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id v1tt9a_B35pz for <ntp@ietfa.amsl.com>; Thu, 10 Dec 2020 02:38:50 -0800 (PST)
Received: from mx1.bs.ptb.de (mx1.bs.ptb.de [192.53.103.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2247B3A0C5E for <ntp@ietf.org>; Thu, 10 Dec 2020 02:38:49 -0800 (PST)
Received: from smtp-hub.bs.ptb.de (smtpint01.bs.ptb.de [141.25.87.32]) by mx1.bs.ptb.de with ESMTP id 0BAAchZk030048-0BAAchZm030048 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL); Thu, 10 Dec 2020 11:38:43 +0100
Received: from lotus.bs.ptb.de (lotus.bs.ptb.de [141.25.85.200]) by smtp-hub.bs.ptb.de (Postfix) with ESMTPS id 71FA4A75903; Thu, 10 Dec 2020 11:38:43 +0100 (CET)
MIME-Version: 1.0
X-Disclaimed: 1
Sensitivity:
Importance: Normal
X-Priority: 3 (Normal)
In-Reply-To: <5FD1CCD9020000A10003D705@gwsmtp.uni-regensburg.de>
References: <5FD1CCD9020000A10003D705@gwsmtp.uni-regensburg.de>, <20201201100305.GK1900232@localhost> <F62C1325-8409-474C-9650-FA96405D0F4B@gmail.com> <20201207104541.GE2352378@localhost> <E0159612-5D83-4A0E-BBD1-1D75C0B49226@akamai.com> <20201207153444.GO2352378@localhost> <1204B871-7728-45DA-B628-8F79BD074A96@akamai.com> <20201208095046.GT2352378@localhost> <D15AF5B4-F976-44D6-B8E7-986E3B8CE23D@akamai.com> <20201208150725.GX2352378@localhost> <6d7daa5e-8537-a3a5-a5c3-2468be4c2918@gmail.com> <20201209083800.GY2352378@localhost> <bcec8d14-9af9-96c1-7e71-39569cb7b0ed@gmail.com> <51D0EEC3-F30E-4A0F-9DBA-B8D2A8CFA959@akamai.com> <42E7D41602000042824A10E1@gwsmtp.uni-regensburg.de> <18374174020000D46A6A8CFC@gwsmtp.uni-regensburg.de> <1C64D458020000B5824A10E1@gwsmtp.uni-regensburg.de> <A4CD014B020000F57BE0EBB5@gwsmtp.uni-regensburg.de>
From: kristof.teichel@ptb.de
To: Ulrich Windl <Ulrich.Windl@rz.uni-regensburg.de>, mlichvar@redhat.com
Cc: Rich Salz <rsalz=40akamai.com@dmarc.ietf.org>, james.ietf@gmail.com, "ntp@ietf.org" <ntp@ietf.org>, Dieter Sibold <dsibold.ietf@gmail.com>
Message-ID: <OFE90AD9EF.CD8E14CE-ONC125863A.0036599D-C125863A.003A796E@ptb.de>
Date: Thu, 10 Dec 2020 11:38:41 +0100
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/9Cz20MvJJaBBJozrhh_Qsvemi4E>
Subject: [Ntp] Antwort: Antw: [EXT] Re: NTPv5 draft
X-BeenThere: ntp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <ntp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ntp>, <mailto:ntp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ntp/>
List-Post: <mailto:ntp@ietf.org>
List-Help: <mailto:ntp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ntp>, <mailto:ntp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 10 Dec 2020 10:38:53 -0000

It seems to me that the answer is clearly that NTPv5 should natively make available security that is strong (enough), as well as easy to deploy and use.

I do not agree with the train of thought that because some users don't strictly need security for their use case, security should be disabled by default. 
1) First of all, this only makes abstract sense to me as a conclusion if security enabled by default comes at significant cost - and I think we can prevent this from being true, specifically by investing work into support of a "two-step" message format, where all security (and, honestly, most information overall) is only included in the "follow-up" message; then security being enabled really has zero extra cost (apart from everything being more accurate overall).
2) Second of all, I think these use cases (where users don't need security because they are using NTP in a closed controlled network) are the exception rather than the norm. The majority of NTP traffic is going to happen over the open internet, and security should pretty much unconditionally be used in that scenario.

As kind of an aside @Miroslav: I don't think anyone is claiming that NTPv4+NTS has a security issue in the sense that it does not provide adequate security when used (otherwise I really would like to explicitly hear such concerns!). 
I think people are saying that NTPv4 with *available* NTS provides too much leeway to not use security. 
Most importantly, the "lazy" option (the scenario where you make no conscious decision, which I propose the majority of people follow in most cases) currently is to not use security. From a 2020 viewpoint, this simply is backwards, and we need to change it as soon as we can. 
Changing to NTPv5 provides just that opportunity. We can simply standardize that security (with NTS) be enabled. You talked about the potential rollout of NTS, and this would give us the chance to really, really boost (predicted) numbers from <<50% to >>50% of users/machines/messages being secured. I believe we should do this, as anything else would just be a massive waste of opportunity.


TL;DR: I'm in favor of security being enabled by default in NTPv5 and using NTS to realize that. It presents an opportunity to massively increase the use of security in NTP traffic. If we believe that the cost is too great for some use cases, let us focus our energy on reducing it, instead of letting the opportunity go to waste!


Best regards,
Kristof



-----"ntp" <ntp-bounces@ietf.org> schrieb: -----
An: "Rich Salz" <rsalz=40akamai.com@dmarc.ietf.org>, <james.ietf@gmail.com>, <mlichvar@redhat.com>
Von: "Ulrich Windl"
Gesendet von: "ntp"
Datum: 10.12.2020 08:23
Kopie: "ntp@ietf.org" <ntp@ietf.org>, "Dieter Sibold" <dsibold.ietf@gmail.com>
Betreff: [Ntp] Antw: [EXT] Re: NTPv5 draft

    >>> "Salz, Rich" <rsalz=40akamai.com@dmarc.ietf.org> schrieb am 09.12.2020
um 15:56
in Nachricht <51D0EEC3-F30E-4A0F-9DBA-B8D2A8CFA959@akamai.com>:
>>  Now, suddenly people talk about some non‑specific issues that have an
>     > unknown solution. Where were you when NTS was designed? And why does
>     > it need to be solved in NTPv5?
>
> NTS was designed to add security features to an existing protocol without
> disrupting it.
>
> NTPv5 should be designed with security built‑in from the beginning.

I think "security" was "built-in" since NTPv3, but:
Was the security srong enough?
Was the security easy to deploy and use?
Did it need shared secrets between different authority zones?

In v4 autokey tried to address some issues, while adding several new

So what should v5 really bring?

Regards,
Ulrich

>
> Miroslav's draft is just an individual viewpoint.  I would be against the WG

> adopting it because the author seems to be opposed to the design requirement

> I just mentioned.
>
> _______________________________________________
> ntp mailing list
> ntp@ietf.org
> https://www.ietf.org/mailman/listinfo/ntp" rel="nofollow">https://www.ietf.org/mailman/listinfo/ntp 



_______________________________________________
ntp mailing list
ntp@ietf.org
https://www.ietf.org/mailman/listinfo/ntp" rel="nofollow">https://www.ietf.org/mailman/listinfo/ntp

v2.23.0 | Report a Bug | By Email